The NJCCIC was informed of a phishing campaign impersonating Zoho with the subject line “New sign-in from an unverified location.” The email is sent from “Zoho Team<noreply@italinea[.]com[.]br” and contains a link to “Review Account Activity.” This link, as well as the URL below it, directs users to a webpage, “new-loginzoho[.]com/…”, that was registered today, April 16. The fraudulent webpage instructs the user to log in with their email address. If the email address does not match an active Zoho account, the user receives an error message stating, “This account does not exist. Try again.” The official Zoho login page is zoho[.]com/login[.]html.  

Recommendations

• Exercise caution with communications that appear to be sent from known senders or legitimate platforms.
• Navigate directly to legitimate websites and verify before submitting account credentials, providing personal or financial information, or downloading files.
• Enable multi-factor authentication (MFA) on all accounts.
• Report malicious cyber activity to the NJCCIC and the FBI’s IC3.